Anti-money laundering - thoughts from an AML/CFT supervisor

A speech delivered to the ACAMS[1] and
FIU[2] Anti-Money Laundering and Countering
Financing of Terrorism Seminar 2013 in Wellington

Anti-money laundering ("AML") supervision gets underway on 30
June 2013. By that date, the three AML/CFT supervisors ("AML
supervisors") - the Department of Internal Affairs ("DIA"),
the Financial Markets Authority and the Reserve Bank - expect reporting entities
to be compliant with the AML regime. Today I will offer some thoughts on how the
Reserve Bank will be approaching its responsibilities in this area.

The overarching reason for the AML regime is to reduce crime and make our
communities safer. All of us here today - supervisors, reporting entities,
advisers, the Financial Intelligence Unit – want to see a successful and
effective regime, and less crime and safer communities as a result.

I will begin by focusing on the key, fundamental drivers and common interests
we all share. I will then comment on supervision and enforcement. These matters
involve questions of:

Why do we care about the effectiveness and success of the AML regime?

What should reporting entities expect from their AML supervisor when they
conduct their AML supervisory activities? and

How will the supervisors approach examples of
non-compliance?

Why do we all care?

Money laundering and the underlying criminal activity that generates the
proceeds is a massive international problem. Although it is notoriously
difficult to estimate actual amounts laundered, some commentators estimate that
earnings from crime (excluding tax evasion) amount to approximately 2-3% of
GDP[3]. In 2011 that would translate to
approximately USD$300-450 billion in the USA and approximately NZD$4-6 billion
for New Zealand. Even if only one tenth of those proceeds of crime is laundered,
you can see that the potential scale of the problem is
huge.[4] New Zealand has comparatively low rates
of crime and corruption, but we are not immune.

The first objective of the AML legislation is "to detect and deter
money laundering". This is a key step towards rooting out and prosecuting
the perpetrators of the underlying criminal activity. An effective AML regime
helps to take the profit out of crime.

Detecting laundering of proceeds of crime is a key part of the AML regime.
But it is also about detecting and deterring the financing of terrorism.
Although New Zealand seems far away from international terrorism, we are not
immune from being involved in activities related to the financing of terrorism.
Financing terrorism is a global activity and a serious global problem.
Terrorists are able to take advantage of any AML weaknesses in any
jurisdiction's banking and money remitting systems, and many highly
effective acts of terrorism have been able to be carried out with quite limited
funding, literally on a shoestring budget. As a jurisdiction we need to have
effective AML laws in place. And reporting
entities[5] need to be vigilant in adhering to
those laws. It is not farfetched to suggest that one suspicious transaction
report could help to prevent a future Bali bombing or Boston marathon-type
event.

Why does it matter for New Zealand?

The second objective of the AML legislation is "to maintain and enhance
New Zealand's international reputation..." by adopting the
international Financial Action Task Force (FATF) standards. New Zealand cannot
afford to be seen as a weak link in the chain of international efforts to tackle
money laundering and the financing of terrorism. If FATF were to give New
Zealand a poor AML rating at its next review (currently likely to occur in
2016), the consequences could be severe.

Compliance with the FATF recommendations helps maintain New Zealand's
reputation on the world stage, by demonstrating our commitment to international
efforts to combat money laundering and the financing of terrorism.

Global businesses are becoming more aware of the international reputations of
the jurisdictions they do business with and in. They regard a country's
FATF assessment rating as a key measure of the robustness of that
country's AML regime. An unfavourable assessment from FATF would mean that
New Zealand businesses would face costs, delays and other barriers when doing
business with overseas trading partners and global businesses. Consequently, we
all have a strong incentive to ensure that the AML regime is successful.

The alternative is not an option. A weak AML regime and an unfavourable
assessment by FATF would damage New Zealand's international reputation and
the prospects of New Zealand businesses on the international stage. It would
also increase the likelihood that organised criminal groups and financiers of
terrorism will try to exploit New Zealand's financial system.

What should reporting entities expect from the supervisors when they conduct
their AML supervisory activities?

The AML supervisors have several functions under the AML legislation, of
which the key ones are:

Monitoring and assessing the risk of money laundering across the reporting
entities we supervise;

Monitoring reporting entities for compliance with the legislation; and

Investigating reporting entities and enforcing compliance with the
legislation.

On 30 June, the primary focus of the supervisors will be on the second
function, monitoring compliance, with lesser focus on the other two, assessing
risk across our sectors and investigation and enforcement. Let me explain
why.

Each of the supervisors has assessed the risk of money laundering across its
sector. That work is contained in the sector risk assessments that you are
familiar with and one that will be published later this year. (DIA has
extensively revised its sector risk assessments and intends to publish the
revision before December 2013.) Further work on those sector risk assessments
will be essential when the supervisors have conducted extensive monitoring and
obtained better information on their reporting entities' compliance. So
updating and refining each supervisor's sector risk assessments will not
be the primary focus of the supervisors come 30 June.

Similarly, investigating and enforcing compliance also depends on the
supervisors first having monitored compliance. Monitoring activity will alert us
to the majority of potential breaches. (We encourage whistle blowers or
customers to alert us, and will take such reports seriously, but realistically
we expect to find out more from our own activities).

So from 30 June the primary focus of all three supervisors will be on
supervision; that is monitoring our reporting entities' compliance with
the legislation. I will later describe how the supervisors might approach
enforcement, but first some comments on supervision, since many of you are
likely to have a supervisory interaction with your supervisor, while a smaller
group may be subject to investigation and enforcement.

The supervisors have developed a range of tools with common features to help
monitor their reporting entities' compliance. The supervisors will be
using all or some of the following tools when performing their monitoring
activities: onsite inspections, desk-based reviews and surveys or
questionnaires.

The way that supervisors deploy these tools will vary – for obvious
reasons – so I want to describe generally how the supervisors intend to
use those tools and comment on the Reserve Bank's supervisory programme
for 2013-2014.

Onsite inspections

In the vast majority of instances, the supervisors will give reporting
entities adequate and reasonable notice about an onsite inspection. Usually they
will request information in advance of the onsite inspection.

The scope of inquiries that the supervisors make during an onsite inspection
will vary. Some onsite inspections may focus on a single obligation and may be
completed quickly. But other onsite inspections may cover many of the reporting
entity's obligations, and take several weeks to complete. The time the
supervisors actually spend onsite will vary; some may take several weeks but the
Reserve Bank's onsite inspections are unlikely to last any longer than a
week.

The Reserve Bank's onsite inspection programme contains the times for
each onsite inspection, identifies the inspectors for each such onsite review,
and identifies the reporting entities that will be subject to an onsite
inspection. The reporting entities that will receive an onsite inspection have
been divided into three groups, broadly on the basis of their risk rating. The
Reserve Bank's AML analysts have been divided into three teams of
inspectors, with each team being responsible for the onsite assessments for one
of the groups of reporting entities for a four month period. The onsite
inspections will be spread evenly over the next 12 months, except for the summer
break.

The onsite inspections will be a resource intensive tool. For example, about
half AML analysts' time will be spent on onsite inspections (although the
majority of that time will be preparation and report writing, rather than
actually onsite).

We have developed a set of procedures, processes and templates, together with
an obligations register, to ensure that our onsite inspections are carried out
in a consistent manner. We expect that, for the larger or more complex
reporting entities, the onsite inspections will target key areas of compliance,
rather than every area of compliance. We will provide feedback to the relevant
reporting entities that have an onsite inspection.

Desk-based reviews

All supervisors will use desk-based reviews as a key tool to monitor
compliance. In essence, a desk-based review will involve the supervisor
requesting information, documents and records, relevant to one or more AML
obligation, from a reporting entity.

For the desk-based reviews that the Reserve Bank intends to perform, we have
developed a supervisory programme that:

contains general timeframes (by reference to a particular month) for each
desk-based review; and

identifies the reporting entities that will be subject to a desk-based
review.

As with onsite inspections, it will not necessarily be planned, or perhaps
even practicable, to assess a reporting entity's compliance with all
obligations. We expect that, for many reporting entities, the desk-based reviews
will target key areas of compliance, rather than every area of compliance. We
have developed procedures, processes, templates, and an obligations register, to
ensure that our desk-based reviews are carried out in a consistent manner. By
way of example, a desk-based review may involve an end to end analysis of an
entity's processes for making suspicious transaction reports.

Thematic surveys and questionnaires

Thematic surveys can be an efficient way of monitoring compliance with
specific obligations or among specific groups of reporting entities. These
thematic surveys will be in addition to the annual reports that each reporting
entity will need to complete and submit to its supervisor, starting in August
2014.

The Reserve Bank expects to conduct between one and three thematic surveys in
the first year of supervision. In our supervisory programme we have:

described our current preference in respect of the themes, topics and focal
points for each questionnaire; and

decided general timeframes when the questionnaires/surveys will be
conducted.

By way of example, the Reserve Bank may conduct a survey
of selected life insurers in relation to aspects of the exemptions available for
some insurance products.

Each supervisor recognises that the tools they deploy will need to be refined
in light of experiences and feedback gained during the supervisory process. All
are conscious that we are entering new territory; no one in New Zealand has been
responsible for monitoring such a comprehensive suite of AML obligations before.
Consequently, it is important that supervisors be:

alert to all potential areas of improvement and refinement; and

prepared to be flexible.

How reporting entities can help make supervision a success

The three supervisors are well prepared for supervision, and will be able to
monitor reporting entities' compliance in an effective, risk-based manner.
But the monitoring process is not a unilateral activity; its success depends
greatly on the cooperation of the reporting entities. All of the supervisors
have the statutory powers to ensure that reporting entities engage effectively,
and do not anticipate needing to exercise those powers.

How will the supervisors approach non-compliance?

The primary focus of the supervisors on 30 June will be on monitoring
compliance, not investigating reporting entities and enforcing compliance. But
some of you may feel apprehensive about how the supervisors will approach
enforcement of breaches in the first year of supervision. My comments will,
hopefully, allay some of that apprehension for most of you.

Despite having a different supervisor, we expect that each sector of
reporting entities will be able to detect the similarities in the three
supervisors' approaches to enforcement.

Each AML supervisor supervises a sector of reporting entities that has
obvious distinguishing characteristics. The Reserve Bank's sector is
smaller in number, and includes very large (and inherently higher risk) entities
such as registered banks. We consider that our reporting entities are generally
well prepared for commencement of the AML regime. Other sectors, in contrast,
are larger in number and include a significant number of small entities, some of
which are less familiar with the obligations under the legislation and may be
non-compliant with some aspects of it. Some of those non-compliant entities may
represent high money laundering risk.

This may lead to differences in approaches to enforcement. A supervisor who
has a significant number of small and less informed reporting entities may
consider it appropriate to be facilitative and proactively assist some of its
reporting entities towards being compliant.

A supervisor who has a sector that represents both high compliance risk and
high money laundering risk may well take a firm stance from the outset with
serious or criminal non-compliance.

Despite any differences in operating style, the core elements of the
supervisors' approaches to enforcement are similar. The following elements
in respect of the Reserve Bank's intended approach to enforcement are very
similar to the comparable elements of the other supervisors'
approaches.

The Reserve Bank's primary focus will be on monitoring and supervisory
activity, as distinct from enforcement. Although it is inevitable that our
supervisory activities will detect some non-compliance with the AML obligations,
we expect that many of these instances can be dealt with by a supervisory
approach, rather than by overt enforcement action. We often deal with compliance
breaches through a supervisory approach that results in the entity returning to
a compliant state promptly and/or introducing mitigation steps to prevent the
issue arising again.

Where material breaches are detected, the supervisory team will determine
whether the reporting entity and the breach should be referred to the
Bank's investigations team. In deciding whether to do so, the supervisory
team will examine all relevant circumstances, including:

whether the potential breach is the result of a lack of clarity in the
legislative landscape;

whether the reporting entity has made a genuine attempt to comply but has
made a reasonable mistake; and

whether the reporting entity is currently applying for an exemption or has
only recently been declined.

Referral of a breach to the investigations team does not necessary mean there
will be formal enforcement action. If prosecution is recommended, additional
hurdles will need to be cleared, including a public interest test (for
prosecutions) and further senior approval within the Reserve Bank.

Consequently, breaches need not be dealt with through enforcement. But please
don't get complacent. The Reserve Bank and the other supervisors expect
reporting entities to be compliant with their AML obligations from 30 June. Any
reporting entities that have not made a genuine and reasonable attempt at
compliance and are found to be in breach are likely to experience formal
enforcement action. Similarly DIA has stated that it will take a firm stance
from the outset if it detects serious or criminal non-compliance. In contrast,
reporting entities that have made a genuine and reasonable attempt to comply,
but seem to be in breach nevertheless, are more likely to face supervisory
rather than enforcement interaction at this early stage in the implementation of
our AML regime.

Conclusion

So to recap my key messages:

Our AML regime is part of a coordinated international effort to tackle two
worldwide problems;

New Zealand cannot afford to be a weak link in the chain of international
efforts to tackle money laundering and the financing of terrorism; and

The supervisors are tasked with supervising entities and are well placed to
begin their new role. The purpose of supervision is to check that firms have the
systems in place to comply with their AML obligations, including to detect and
report suspicious activity. While the new regime beds in, the emphasis will be
on the monitoring of compliance with the legislation, ahead of taking
enforcement action.

[4] The FIU's 2010
National Risk Assessment contains a "rough estimate" of NZD$1-1.5
billion as the extent of money laundering in New Zealand.

[5] Reporting entities
are the financial institutions and casinos that are subject to the AML
legislation. The Reserve Bank's reporting entities comprise registered
banks, life insurers and non-bank deposit takers.